TLS Mastery: Beastie Edition
- Length: 237 pages
- Edition: B
- Language: English
- Publisher: Tilted Windmill Press
- Publication Date: 2021-04-06
- ISBN-10: 1642350524
- ISBN-13: 9781642350524
- Sales Rank: #1228444
Transport Layer Security, or TLS, makes ecommerce and online banking possible. It protects your passwords and your privacy. Let’s Encrypt transformed TLS from an expensive tool to a free one. TLS understanding and debugging is an essential sysadmin skill you must have.
TLS Mastery takes you through:
- How TLS works
- What TLS provides, and what it doesn’t
- Wrapping unencrypted connections inside TLS
- Assessing TLS configurations
- The Automated Certificate Management Environment (ACME) protocol
- Using Let’s Encrypt to automatically maintain TLS certificates
- Online Certificate Status Protocol
- Certificate Revocation
- CAA, HSTS, and Certificate Transparency
- Why you shouldn’t run your own CA, and how to do it anyway
- and more!
Stop wandering blindly around TLS. Master the protocol with TLS Mastery!
About The Author Acknowledgements
Chapter 0: Introduction Who Should Read This Book? TLS, SSL, and Versions Why TLS? Using openssl(1) The OpenSSL Manual The United States and FIPS Applications and TLS TLS versus DTLS Encryption and This Book What’s in This Book
Chapter 1: TLS Cryptography Hashes and Cryptographic Hashes Symmetric Encryption Public Key Encryption Message Authentication Codes Digital Signatures Key Lengths Breaking Algorithms Cipher Suites Cipher Suite Names Alternate Cipher Names Included Cipher Suites Cipher Lists and Cipher Ordering When HIGH Isn’t Enough Trust Models and Certificate Authorities Private Key Protection TLS Resumption TLS Secure Renegotiation Perfect Forward Secrecy Server Name Indication
Chapter 2: TLS Connections Connecting to Ports Connecting versus Debugging Line Feeds, Carriage Returns, and Newlines TLS-Dedicated TCP Ports Opportunistic TLS Connection Commands DTLS Silencing s_client Specific TLS Versions Choosing Ciphers
Chapter 3: Certificates Certificate Standards Trust Anchors Making Your Own Trust Bundle The OpenSSL Trust Bundle Certificate Components Extensions and Constraints Validation Levels Trust and Your Certificate The Chain of Trust Intermediate CAs The Tree of Trust Certificate Validation Encoding Distinguished Encoding Rules (DER) Privacy-Enhanced Mail (PEM) Converting Between Encodings OpenSSL Without Input Files PKCS #12 Creating a PKCS #12 File Viewing a PKCS #12 File Exporting From PKCS#12 Files Certificate Contents Certificate Extensions Certificate Transparency Digital Signature Incomprehensible Certificate Information Skip Keys and Signatures Multi-Name Certificates Wildcard Certificates Viewing Remote Certificates Choosing a CA
Chapter 4: Revocation and Invalidation Revoking Certificates Certificate Revocation Lists Online Certificate Status Protocol OCSP Stapling Revocation Failures Browsers Versus Revocation Validation Solutions
Chapter 5: TLS Negotiation Certificate Validation Protocol Settings Session and Resumption TLS 1.2 Session and Resumption TLS 1.3 Session and Resumption TLS Failure Examples
Chapter 6: Certificate Signing Requests and Commercial CAs Reusing CSRs Why Go Commercial? Gathering Information Public Key Algorithm Common Names OpenSSL Configuration Files Creating CSRs Creating ECDSA CSRs Main req Section Password Management req_distinguished_name Extensions Elliptic Curve Parameters Files Requesting ECDSA Certificates Generating RSA CSRs RSA CSR Configuration File Requesting RSA Certificates Client CSRs Certificates Without Subjects CSRs Without Configuration Files Viewing CSRs Using the CSR and Certificate Reconnecting Files and Finding Reused Keys
Chapter 7: Automated Certificate Management Environment How ACME Works ACME Registration ACME Process ACME Challenges HTTP-01 DNS-01 TLS-ALPN-01 Which Challenge Should I Use? Testing ACME ACME clients Dehydrated Dehydrated Hooks Certificate Directory and User Core Dehydrated Configuration Changing CAs Additional Settings Domain List Dehydrated with HTTP-01 Web Server Setup Apache Configuration HTTP-01 Hook Script Running Dehydrated The Dehydrated Directory The Certificate Directory Archiving Certificates Certificate Deployment DNS-01 Challenges DNS-01 Test Environment Configuring a Dynamic Child Zone DNS Aliases DNS-01 Hook Script Running Dehydrated with DNS-01 DNS-01 Collisions Per-Domain Configurations ACME Renewals
Chapter 8: HSTS and CAA HTTP Strict Transport Security HSTS Drawbacks Deploying HSTS HSTS Preload Certification Authority Authorization
Chapter 9: TLS Testing and Certificate Analysis Server Configuration Testing Private Testing Certificate Transparency Finding Bogus Certificates Certificate Transparency in Certificates What Failure Looks Like
Chapter 10: Becoming a CA Private Trust Anchors CA Software OpenSSL CAs Building an OpenSSL CA Root CA Organization and Defaults Configuring CA Policies Configuring Requests Creating the Root Certificate Configuring the Intermediate CA Creating the Intermediate CA Certificate Certificate Databases Chain File Preparing the OCSP Responder Web Site Certificates Revoking Certificates Generating CRLs Client Certificates Private OCSP Responder Name Constraint CAs Becoming a Global Root
Afterword Sponsors Print Sponsors Ebook Sponsors Patronizers Copyright Information